Introduction: In the relentless landscape of cybersecurity, staying ahead of adversaries requires a constant flow of curated, actionable intelligence. The RadioCSIRT newsletter, as highlighted by industry veteran Marc-Frédéric Gomez, serves as a critical briefing for security professionals, distilling the week's most significant threats, vulnerabilities, and adversary campaigns into an essential strategic resource for CERTs, SOCs, and threat intelligence teams. Learning Objectives:

Source: RadioCSIRT Podcast – Episode 281 1. Langflow Remote Code Execution (CVE-2025-3248) A critical vulnerability in Langflow, an AI agent platform, allows unauthenticated remote code execution (RCE). The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. You Should Know: Detection & Mitigation: Check Langflow logs for suspicious activity grep -i "remote_execution" /var/log/langflow/access.log Block unauthenticated API access via firewall…

🔗 Security Report: 🔗 Stealc Malware Update: 🔗 CISA Budget Threat: 🔗 RadioCSIRT Podcast: You Should Know: 1. Malicious Go Modules Targeting Linux Three infected Go modules deploy done.sh, a script that wipes /dev/sda, bricking Linux systems. Developers are primary targets. Detection & Mitigation: Check for suspicious Go modules go list -m all | grep -E "(malicious-module1|malicious-module2)"

RadioCSIRT, a leading francophone cybersecurity resource, is transitioning from audio podcasts to video content to deliver more pedagogical analyses, technical demos, and threat intelligence insights. The platform aims to expand its audience via YouTube, LinkedIn, and Twitch while maintaining its independent, rigorous approach. 🔗 Campaign Link: You Should Know: 1. Setting Up a Cybersecurity Video Studio To replicate RadioCSIRT’s professional setup, consider these tools and commands:

The latest edition of RadioCSIRT Hebdo N°9 delivers critical cybersecurity updates, expert interviews, and technical breakdowns of vulnerabilities. Key highlights include: Exclusive Interview: Alexandre Dulaunoy discusses the GCVE project, a European initiative to revolutionize vulnerability management. Pi-hole DNS Security: A deep dive into this open-source solution for network protection, SIEM integration, and practical use cases for CERT/SOC teams. Critical CVE Analysis: Handpicked vulnerabilities with technical context for actionable insights.

The FBI's 2024 cybercrime report reveals staggering losses exceeding $16 billion, driven by a surge in cryptocurrency investment scams and phishing attacks. Below are critical takeaways and actionable defenses. 🔗 Source: RadioCSIRT Podcast Episode 271 You Should Know: Practical Defenses Against 2024 Cybercrime Trends 1. Phishing Attacks Detect Suspicious Emails: Use grep to scan emails for phishing keywords (Linux/Mac) grep -Ei "urgent|account suspended|verify your account|unusual login" /var/mail/user…

Source: RadioCSIRT Episode 261 You Should Know: 1. Microsoft Entra’s MACE Credential Revocation Issues Microsoft Entra’s new MACE Credential Revocation feature has triggered widespread account lockouts due to false positives, bypassed MFA, and erroneous alerts. Admins report systemic challenges. Commands to Diagnose & Mitigate: Check Azure AD sign-in logs for lockout events Get-AzureADAuditSignInLogs -Filter "status/errorCode eq '50057'" -Top 100 Unlock a user account (Exchange Online)

Votre podcast quotidien sur l'actualité de la Cybersécurité